Apple has rolled out crucial security updates for older iPhones and iPads running iOS 16 and iOS 15. These updates aim to patch a serious vulnerability known as the "Coruna" exploit, recently uncovered by security researchers. This move ensures devices no longer compatible with the latest iOS versions still receive critical protection.
The update applies not only to iPhones but also to iPads operating on iPadOS 16 and 15. Apple released four software versions simultaneously: iOS 16.7.15, iOS 15.8.7, iPadOS 16.7.15, and iPadOS 15.8.7. According to Apple’s official security notes, these updates contain essential fixes addressing multiple vulnerabilities within device kernels and the WebKit browser engine.
Critical Kernel Vulnerability Fixed
One of the most severe flaws addressed is tracked as CVE-2023-41974, a kernel-level use-after-free issue. This bug allowed malicious applications to execute arbitrary code with kernel privileges. Kernel privileges provide the highest level of access on the operating system, enabling attackers to fully control affected devices. Apple resolved this by improving memory management to prevent such exploits.
Multiple WebKit Security Flaws Patched
The updates also remedied several WebKit engine vulnerabilities, the core technology behind Safari and other iOS browsers. Key patched issues include:
- CVE-2024-23222: A type confusion error allowing remote code execution.
- CVE-2023-43000: Use-after-free memory mismanagement.
- CVE-2023-43010: Unsafe memory handling.
These flaws could have allowed malicious web content to crash devices or run harmful code stealthily. Apple’s fixes strengthen defenses against such web-based attacks.
The Coruna Exploit Overview
The Coruna exploit campaign was first exposed by Google’s Threat Intelligence Group (GTIG). It leverages a complex chain involving 23 security flaws across iOS versions released between September 2019 and December 2023. Successful exploitation can bypass multiple layers of iOS security, granting attackers deep system access. This makes the latest Apple patches especially urgent and important for affected devices.
Extending Security to Legacy Devices
While many fixes were already present in newer iOS releases, Apple’s recent updates specifically target older devices that no longer receive full system upgrades. By backporting these security enhancements, Apple extends protection to users of legacy hardware, addressing potential attack vectors still prevalent in the wild.
Users are strongly urged to install these security updates immediately to mitigate the risk of compromise. Delaying installations can leave devices vulnerable to active exploits targeting the Coruna vulnerabilities.
How to Update Your Device
For users with eligible iPhones and iPads, the update process is straightforward:
- Open the Settings app.
- Tap General.
- Select Software Update.
- Allow the device to check for available updates.
- Tap Download and Install.
- Agree to terms and conditions.
- Wait for the installation to complete; the device may reboot several times.
Following these steps ensures the device is fortified against the latest cyber threats, even if new iOS features are not available for older models.
Apple’s commitment to backporting critical security patches highlights its focus on user safety across its ecosystem. The emergence of exploits like Coruna underscores the ongoing need for vigilance and timely updates. By maintaining updated software, iPhone and iPad users can protect themselves from sophisticated attacks exploiting kernel and WebKit vulnerabilities.
Staying current with security updates remains a key element in safeguarding mobile devices from evolving threats. Apple’s latest iOS 16.7.15 and iOS 15.8.7 updates demonstrate the company’s dedication to protecting older devices beyond their upgrade lifecycle.
-
-
-
-
